Re: SQL Injection
Too often the breach is caused by not fixing a know problem such as SQL injection or by not patching the code because it is too inconvenient. So a breach is inevitable when a black hat stumbles across them and given some the problems just about barely breathing script kiddie could hack some of these outfits.
Let's see, scaling for length of breach, bonus multiplier for SSNs.... that should be a fine of at least $50,000. Boy oh boy, that's gonna show them.
And that identify protection only lasts for a year (that's all Equifax and Experian each gave me when they were breached). So if I'm a hacker stealing SSNs, wait a year. Most of those SSNs (unlike credit card numbers) will still be valid.
I have so many "1 year free credit monitoring" offers that I could pass them along to my children and grandchildren and they would never run out - seriously, one of our credit cards is being replaced (for the 4th time in as many years) due to a corporate data breach, and then there are the debit card replacements, and just general company, organization and government technical security incompetence.